In section 3.2.1, The WWW-Authenticate Response Header
OLD:
domain
A space-separated list of URIs, as specified in RFC XURI [7]. The intent is
that the client could use this information to know the set of URIs for which
the same authentication information should be sent. The URIs in this list
may exist on different servers. If this keyword is omitted or empty, the
client should assume that the domain consists of all URIs on the responding
server.
NEW:
domain
A space-separated list of URIs, as specified in RFC XURI [7] that define the
protection space. If a URI is relative, it is relative to canonical root
URL (see section 5.1.2 of [2]) of the server being accessed. The URIs in
this list may refer to different servers. The client can use this list to
determine the set of URIs for which the same authentication information may
be sent: any URI that has a URI in this list as a prefix (after both have
been made absolute) may be assumed to be in the same protection space. If
this keyword is omitted or empty, the client should assume that the
protection space consists of all URIs on the responding server.
RATIONALE:
The terminology of "protection space" was not used for Digest. The means for
determining when Digest clients could use the same credentials was
under-specified.